Vonti

Privacy Policy

Last updated: January 18, 2025

Overview

Vonti ("we," "our," or "us") provides a service notification platform that helps businesses communicate with their customers via text messages. This Privacy Policy explains how we collect, use, and protect your information.

Information We Collect

Business Account Information

When you create an account, we collect:

  • Email address
  • Password (encrypted and securely stored)
  • Business name
  • Business address (optional)
  • Business phone number for display (optional)
  • Business logo (optional)

Customer Information

When you create service tickets or appointments, the following customer data may be stored:

  • Customer phone number (required for notifications)
  • Customer name (optional for tickets, required for appointments)
  • Customer email (optional)
  • Customer address (optional)
  • Service description and notes
  • Appointment date, time, and confirmation responses
  • Photos or documents attached to tickets

Customer Accounts

Customers may create accounts to view their order history and upcoming appointments. We collect:

  • Email address (for login)
  • Phone number (to match existing records)
  • Last login timestamp

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers or banking details. We receive and store only your Stripe customer ID and subscription status.

Automatically Collected Information

  • IP address (for security and rate limiting)
  • Notification delivery status and timestamps
  • Whether customers opened their tracking links
  • Error logs for troubleshooting (sensitive data is redacted)

How We Use Your Information

  • To provide and operate our service notification platform
  • To send SMS notifications to your customers on your behalf
  • To authenticate your account during login
  • To process subscription payments
  • To prevent fraud and abuse through rate limiting
  • To troubleshoot issues and improve our service
  • To communicate with you about your account

Third-Party Services

We use the following third-party services to operate Vonti:

  • Stripe — Payment processing. Your billing information is handled directly by Stripe under their privacy policy.
  • Twilio — SMS delivery. Customer phone numbers and message content are transmitted to Twilio to send notifications.
  • Supabase — Database and authentication. All account and ticket data is stored securely in Supabase.
  • Cloudflare — Security and CAPTCHA verification during signup.
  • Sentry — Error monitoring. We collect anonymized error reports to fix bugs (sensitive data is masked).
  • Resend — Email delivery for transactional emails such as welcome messages and appointment notifications.
  • Upstash — Redis caching and rate limiting. IP addresses are temporarily stored to prevent abuse.

Data Retention

  • Account data is retained while your account is active
  • Ticket and appointment data is retained while your account is active
  • Deleted tickets and appointments are kept in trash for 30 days before permanent deletion
  • Completed or cancelled appointments are automatically deleted after 30 days
  • Notification logs are automatically deleted after 90 days
  • Status history is automatically deleted after 180 days
  • Password reset codes expire after 10 minutes
  • Rate limit records are deleted after 1 day
  • Accounts without an active subscription may be deleted after 7 days

Data Security

We implement security measures including:

  • Encrypted data transmission (HTTPS only)
  • Secure password hashing
  • Rate limiting to prevent abuse
  • Row-level security on database tables
  • Input validation and sanitization
  • Webhook signature verification

Cookies

We use essential cookies only for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Your Rights

You may:

  • Access and update your account information in Settings
  • Delete tickets and customer data from your dashboard
  • Cancel your subscription at any time via the billing portal
  • Request deletion of your account by contacting us

Customer Data

As a business using Vonti, you are responsible for ensuring you have appropriate consent from your customers before adding their phone numbers and sending them notifications. You should inform your customers that they will receive text messages about their service status.

SMS Opt-Out Compliance

In compliance with the Telephone Consumer Protection Act (TCPA), customers can opt out of receiving text messages at any time by replying STOP, UNSUBSCRIBE, CANCEL, END, or QUIT to any message. When a customer opts out:

  • Their phone number is added to our opt-out list
  • No further messages will be sent to that number
  • The opt-out record is retained indefinitely for compliance
  • Businesses are notified when a customer opts out

Children's Privacy

Vonti is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the service.

Contact Us

If you have questions about this Privacy Policy, please contact us at support@vonti.co